| 88 | |
// LoadClientTLSConfigForInternalPort builds the client-side TLS configuration
// used when connecting to the internal ports of the cluster, based on the
// "tls" superflag stored in v (merged with TLSDefaults).
//
// It returns (nil, nil) when the "internal-port" option is off: a nil config
// with a nil error signals "inter-node TLS not enabled", not a failure.
// NOTE(review): presumably callers then dial without TLS — confirm at the
// call sites that a nil config is never mistaken for a usable one.
//
// When "internal-port" is on, both "client-cert" and "client-key" must be
// set; an error is returned if either is empty. The "ca-cert" and
// "use-system-ca" options are passed through without being checked here.
//
// NOTE(review): how the server certificate is verified (trust roots actually
// loaded, server name, protocol version) is decided inside
// GenerateClientTLSConfig, which is not visible from this function — review
// it together with this one.
func LoadClientTLSConfigForInternalPort(v *viper.Viper) (*tls.Config, error) {
	opts := z.NewSuperFlag(v.GetString("tls")).MergeAndCheckDefault(TLSDefaults)

	// Inter-node TLS is opt-in; without the option there is nothing to build.
	internalTLS := opts.GetBool("internal-port")
	if !internalTLS {
		return nil, nil
	}

	// The client always presents a certificate on internal ports, so a missing
	// cert or key is a configuration error rather than a silent downgrade.
	credsMissing := opts.GetPath("client-cert") == "" || opts.GetPath("client-key") == ""
	if credsMissing {
		return nil, errors.Errorf(`Inter-node TLS is enabled but client certs are not provided. ` +
			`Inter-node TLS is always client authenticated. Please provide --tls ` +
			`"client-cert=...; client-key=...;"`)
	}

	helperConf := &TLSHelperConfig{
		UseSystemCACerts: opts.GetBool("use-system-ca"),
		RootCACert:       opts.GetPath("ca-cert"),
		// Client certificate is mandatory for inter-node connections.
		CertRequired: true,
		Cert:         opts.GetPath("client-cert"),
		Key:          opts.GetPath("client-key"),
	}
	return GenerateClientTLSConfig(helperConf)
}
| 110 | |
| 111 | // LoadServerTLSConfigForInternalPort loads the TLS config for the internal ports of the cluster |
| 112 | func LoadServerTLSConfigForInternalPort(v *viper.Viper) (*tls.Config, error) { |